Threat Advisory

Git affected by remote code execution attacks

January 25, 2023 | By Accorian

Git recently patched two critical vulnerabilities that could be used to launch remote code execution attacks. The issues have been assigned CVE-2022-23521 and CVE-2022-41903. The vulnerabilities affect Git versions up to and including Git 2.39.

CVE-2022-23521 affects the gitattributes mechanism. When parsing gitattributes, multiple integer overflows can occur when there is a huge number of path patterns, or when the declared attribute names are huge. CVE-2022-41903 is also a critical integer-overflow vulnerability; it can be triggered directly by a user running a command that invokes the commit formatting machinery, or indirectly through git archive. These integer overflows may result in arbitrary heap writes, which can lead to remote code execution.

Users of Windows, macOS, and Linux/Unix are recommended to download and install the most recent Git release, v2.39.1. If upgrading is not feasible, disable git archive in untrusted repositories. According to GitLab, versions 15.7.5, 15.6.6, and 15.5.9 of GitLab Community Edition (CE) and Enterprise Edition (EE) have been issued to resolve the issues. Customers are urged to apply the fixes immediately.
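The following script is an added example, not part of the Accorian advisory or the Git project: it checks the installed Git against the v2.39.1 release named above and reports whether git daemon's archive service is switched on. It assumes `git --version` prints "git version X.Y.Z[...]" and that the `daemon.uploadarch` config key is what enables upload-archive in git daemon; Git also shipped fixed releases on older maintenance lines, so adjust FIXED_VERSION if a host is pinned to one of those.

```sh
#!/bin/sh
# Added example: assess a host for the Git advisory above.
# Assumption: the minimum fixed version is the v2.39.1 release the advisory names.
FIXED_VERSION="2.39.1"

# Extract "X.Y.Z" from output such as "git version 2.39.0.windows.1";
# prints nothing when the input does not look like git's version banner.
parse_git_version() {
    printf '%s\n' "$1" |
        sed -n 's/^git version \([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p'
}

# version_at_least CANDIDATE MINIMUM: numeric, component-wise comparison,
# so "2.9.5" is correctly older than "2.39.1" (a string compare gets this wrong).
version_at_least() {
    c=$1; m=$2
    c1=${c%%.*}; c=${c#*.}; c2=${c%%.*}; c3=${c#*.}
    m1=${m%%.*}; m=${m#*.}; m2=${m%%.*}; m3=${m#*.}
    if [ "$c1" -gt "$m1" ]; then return 0; fi
    if [ "$c1" -lt "$m1" ]; then return 1; fi
    if [ "$c2" -gt "$m2" ]; then return 0; fi
    if [ "$c2" -lt "$m2" ]; then return 1; fi
    if [ "$c3" -ge "$m3" ]; then return 0; fi
    return 1
}

# Classify a `git --version` banner as patched, vulnerable or unknown.
classify_git_version() {
    v=$(parse_git_version "$1")
    if [ -z "$v" ]; then echo unknown; return 0; fi
    if version_at_least "$v" "$FIXED_VERSION"; then echo patched; else echo vulnerable; fi
}

# git daemon only serves upload-archive (the git archive path) when the
# boolean daemon.uploadarch is true; "" means the key is unset (default off).
archive_service_state() {
    case "$1" in
        true|yes|on|1) echo enabled ;;
        *) echo disabled ;;
    esac
}

main() {
    gv=$(git --version 2>/dev/null) || gv=""
    echo "git: ${gv:-not found} -> $(classify_git_version "$gv")"
    arch=$(git config --get daemon.uploadarch 2>/dev/null || true)
    echo "git daemon upload-archive: $(archive_service_state "$arch")"
}
main
```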

Accorian is committed to assisting all its clients. Please feel free to reach out to us if you have any questions.

Threat Advisory Team 

Accorian
